This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
About GlobalProtect Discussions
Welcome to the GlobalProtect discussion area! Here, you can engage in conversations about GlobalProtect, explore new insights, and stay updated on ongoing discussions. Check back regularly for the latest updates and community insights on GlobalProtect.

Discussions

Start a conversation

Global Protect

Hi Friends, We have a customer who is using global protect. Two HIP profiles are configured for two different groups. One for AD users and one for Local users. The requirement is if local user tries to login he should get the hip profile banner set up for local user If the ad user login he should get the hip profile banner that is setup for A...

MFA on PAN-OS Firewall (okta integrated) redirects on GP instead of browser for HTTP resources.

I have MFA deployed on the firewall ( okta integrated), based on implementation if user is accessing http/https based resources then redirect will happen in Browser however, for non-http applications MFA will prompt on GP client App, Please note port 4501 added into the system's firewall rule. I have an issue where users are seeing some incons...

GlobalProtect Web Portal - Domain Validation Code (DVC) - /.well-known/pki-validation

Does anyone know how to go about performing domain validation for an IP address for the GlobalProtect Portal? This is a standard supported by most Certificate providers but I can't find anything about it when searching Palo Alto's site. With this tunnelcrack vulnerability and the need to use an IP address in the SAN of a publicly signed cert,...

Resolved! GlobalProtect issues after updating firewall version to 10.2.3

Hi Team The customer recently updated one of their firewalls to version 10.2.3 and now when we try to connect to the GlobalProtect client on the end user's machines, we are prompted twice to sign in. The monitoring tab gives a failure with "Authentication failed: empty password". Adding to this, we use Cisco Duo for MFA and we are prompted twi...

GP 6.0.6 - Cookie expired only from mobile phone

Hi, we have PA-850 and we deployed GP 6.0.7 for desktops and 6.0.6 version for mobile phones. The authentication is based on SAML via Azure and every connection from desktops works flawlessly. Recently we started receiving complaints from users that the VPN stopped working on phones, they received an XML saying Access Denied (attached). Looking ...

Group Login condition Azure Groups

Hi, We are using our on prem LDAP to fetch groups on the Palo. For GP authentication as well, we are using group in 1) GP Portal > Agent > Config Selection Criteria > User/User Group 2) GP Gateway > Agent > Client Settings > Config Selection Criteria This works well with on prem LDAP. Now we are trialling out SAML with Azure...

Resolved! Global Protect SAML: authentication works fails on matching client config not found. Group not matching.

Hi, I am trying to configure globalprotect to use SAML authentication for the portal and gateway. The authentication seems to work but when, but i am not getting a valid client config when i use groups in allow list. I am sure it is related to group mapping and user id but don't know where exactly it is going wrong. I have the following conf...

zGomez_0-1694012059685.png
zGomez_1-1694012177202.png
zGomez_2-1694012661065.png
zGomez_3-1694012917716.png
zGomez by L3 Networker
  • 4643 Views
  • 1 replies
  • 0 Likes

Resolved! HIP profile is not working with WAN rule

Hello valued community, unfortunately, I am still seeking answers for my issue. I have an HIP profile that works when defined as an example for someone establishing a VPN connection using RDP. However, I am unable to achieve results when applied to a WAN rule. Precisely, what I want to achieve is this: If it doesn't meet the conditions specified...

Resolved! VPN user not allowed to gain access

Has anyone dealt with an issue where a vpn user is out of the country and cannot gain access? They are prompted to login, but it just continues to spin. In the GlobalProtect logs, it's saying 'success' though the portal, but not through the gateway.

How to Update the SAML Certificate When Integrated with Azure AD and SAML.”

Hello, I’m using Azure AD as the Identity Provider (IdP) and GlobalProtect as the Service Provider (SP) for SSO. I’m having difficulty updating the SAML certificate. I’ve followed these steps: 1. Issued a new SAML certificate in Azure AD.2. Imported this new certificate into GlobalProtect.3. Activated the new Azure AD SAML certificate in GlobalP...

taro1021 by L0 Member
  • 9067 Views
  • 1 replies
  • 0 Likes

GlobalProtect Random disconnects

Hello,Has anyone else have issues with random GP disconnections since recently (May/June/July 2021) on GP version 5.0.x and 5.2.x ? It started around one month ago throughout the whole company and we weren't able to figure out what's going on till now.There is no preceding events logged in the GP debug or dump level trace that would point to an ...

Resolved! Diffie-Hellman Ephemeral Key Exchange DoS Vulnerability (SSL/TLS, D(HE)ater)

Hi, Has anyone running the client version of GP successfully mittigated the Diffie-Hellman Ephemeral Key Exchange DoS Vulnerability (SSL/TLS, D(HE)ater) for the GP portals? I have only found ways to disable DHE for clientless GP configuration. We are running PANOS 10.1.10 h1 but it seems like DHE is supported on all PANOS version even though it ...

  • 2062 Posts
  • 68 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks